What are the events that may influence the extrapolated cybersecurity spending trend in the future? We know that spending will increase – but how much?
The digitalised and highly interconnected world is enormously vulnerable to seemingly invisible small attacks. The increasing value of data and service platforms, and the emergence of the internet of things, will speed up the growth of cyber hazards. Many possible but improbable drivers and events may impact the direction of the trend of cybersecurity spending.
The figure below presents an outcome of Trend Impact Analysis that envisions the future of cybersecurity spending in the coming decade.
The dotted line visualises the extrapolated surprise-free growth trend, or the “baseline trend”, which is formed using historical data. The blue line indicates the modelled average scenario, and the red lines indicate the modelled confidence interval, which includes 90% of all of the thousands randomly generated alternatives for the development. This interval is used in this text to form alternative scenarios for cybersecurity spending in 2030.
BEHIND THE GRAPH – TREND IMPACT ANALYSIS
Trend Impact Analysis is a quantitative forecasting approach which combines the surprise-free extrapolation of a time series with disruptive future events that cause trend changes. The method is useful in cases in which there are some reliable quantitative data, but also some identifiable, semi-probable and highly influential drivers that may influence the trend one way or the other.
In the model, the influential drivers are formulated into events, that are then taken into account by using estimations about their probability within next ten years, their maximum impact (100% means the spending doubles), the time it takes to reach the full effect after the event occurs, and the actualisation time of the event (how fast everything proceeds after the event occurs). After all relevant data is gathered, the model simulates thousands of random future scenarios that form the maximum theoretical confidence interval for the quantitative trend. This interval then covers the future outcomes of the trend, as long as the chosen events and their assessments are correct.
The following table presents the six events that were chosen for this modelling and the initial impact assessments of each.
CYBERSECURITY SPENDING TODAY
In 2018, $145 billion were spent on cybersecurity on a global scale. Even though the pandemic may cause a small drop in the trend, the spending will almost certainly continue to increase. The three scenarios describe how the spending could develop in the coming decade and what could be the primary factors driving its development.
SCENARIO 1: SLOW BUT STEADY 2030
In 2030, the spending on cybersecurity is slowly exceeding $350 billion annually. The COVID-19-induced, long-lasting global recession stalled investments in cybersecurity which created opportunities for both cybercriminals and terrorists. This led globally to several government-subsidised IT-security programs as part of various economic stimulus plans, which partially covered the dropping cybersecurity spending in the private sector. The results of the programs have been promising; breakthroughs in automated cybersecurity applications have been witnessed which have significantly reduced the need for external cybersecurity services. However, the rapid diffusion of ICT in developing nations is slowly driving the global spending up.
Although there have been successes, cybersecurity spending is still too low; cybercrime keeps on harming businesses and individuals worldwide, causing obstacles to economic growth. Demands for public intervention are heard everywhere, but funds are running low. Interestingly, thanks to the stimulus programs, the public in many countries are now considering cybersecurity more and more as a public utility, that should be financed by the state. Some governments, especially in Northern Europe, have launched initiatives aimed at introducing cybersecurity as a human right by 2040.
SCENARIO 2: FOLLOW THE TREND 2030
By 2030, over $400 billion get spent on cybersecurity every year. The trend has mostly followed its previous path, thanks to the quick economic recovery after the pandemic.
Cyberespionage, cybercrime and cyberterrorism have all become permanent fixtures of the everyday life of the digital world during the past decade. Cyberterrorists have acquired capabilities to cause physical damage, and the number of both cybercrime and cyberterrorism incidents have doubled by 2030. For this reason, both the private firms and governments have kept on investing in cybersecurity. The number of cybersecurity activities of many governments, especially those of Europe and North America, has also roughly doubled in monetary terms to keep up with the rising threats.
The general rule of thumb is that cybersecurity investment needs double every seven years. Especially the larger companies working in high-tech fields have seen growth numbers higher than this. Governments have had to grant subsidies in cases in which companies have not been able to keep up with the rising costs. In many firms, R&D operations have suffered from the shift of resources to cybersecurity.
Although cybersecurity spending is still within reasonable limits, there are doubts how long can this pace be maintained. The race to keep the systems and data safe is fierce, and there is no end in sight.
SCENARIO 3: EXPLOSIVE GROWTH 2030
The cybersecurity spending started to soar in 2022, reaching almost $700 billion in 2030. The main driver behind the steep rise has been the US-China competition, so-called Cold War 2.0., that has led to massive cyberespionage and information operations, and actual cyberwarfare actions on both sides. Even though there has been, luckily, no kinetic military action, massive private, and especially public, investments have been necessary to keep the systems safe in both countries and their allies.
The investments have been possible thanks to the economic growth, driven largely by credit operations by central banks and national stimulus packages. Companies in many countries have had access to cheap money, making it possible to buy and build the needed cybersecurity capabilities to survive in a hostile network environment. However, money has been scarcer for developing new products, especially on the consumer side. The cyberwartime is taking its toll.
Though the investments have been huge, no side has been able to come up with a significant cyber advancement that would give it a competitive edge; every new system is matched with a counter system. The arms race, once centred on nuclear warheads and tanks, is now about algorithms, computers and talent to use them. And the last part, talent, is increasingly hard to come by as the countries cannot produce much more programmers than they already do, which is a part of the reason for the soaring expenses.
TURN THESE SCENARIOS INTO ACTIONABLE FORESIGHT
Foresight is a methodology for anticipating potential changes, probabilities and possibilities in situations in which we have some reliable knowledge, but also several uncertainties. Foresight doesn´t aim to provide exact answers, but useful alternatives and what-if scenarios to make your organisation´s planning more sensitive, robust and future-proof. The key concepts of Foresight are trends, drivers, weak signals, wild cards and scenarios.
***
You can find phenomena with Trend Impact Analysis graphs in various phenomena on Futures Platform. Log in to Futures Platform to start the work!